{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "# Custom Authenticators\n",
    "\n",
    "Let's peek at the Authenticator classes:"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 1,
   "metadata": {},
   "outputs": [],
   "source": [
    "from jupyterhub.auth import Authenticator, PAMAuthenticator"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 2,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "\u001b[0;31mSignature:\u001b[0m Authenticator.authenticate(self, handler, data)\n",
       "\u001b[0;31mDocstring:\u001b[0m\n",
       "Authenticate a user with login form data\n",
       "\n",
       "This must be a tornado gen.coroutine.\n",
       "It must return the username on successful authentication,\n",
       "and return None on failed authentication.\n",
       "\n",
       "Checking the whitelist is handled separately by the caller.\n",
       "\n",
       "Args:\n",
       "    handler (tornado.web.RequestHandler): the current request handler\n",
       "    data (dict): The formdata of the login form.\n",
       "                 The default form has 'username' and 'password' fields.\n",
       "Returns:\n",
       "    username (str or None): The username of the authenticated user,\n",
       "    or None if Authentication failed\n",
       "\u001b[0;31mFile:\u001b[0m      ~/dev/jpy/jupyterhub/jupyterhub/auth.py\n",
       "\u001b[0;31mType:\u001b[0m      function\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "Authenticator.authenticate?"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "PAM calls out to a library with the given username and password:"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 3,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "\u001b[0;31mSignature:\u001b[0m PAMAuthenticator.authenticate(self, handler, data)\n",
       "\u001b[0;31mSource:\u001b[0m   \n",
       "    @gen.coroutine\n",
       "    def authenticate(self, handler, data):\n",
       "        \"\"\"Authenticate with PAM, and return the username if login is successful.\n",
       "\n",
       "        Return None otherwise.\n",
       "        \"\"\"\n",
       "        username = data['username']\n",
       "        try:\n",
       "            pamela.authenticate(username, data['password'], service=self.service)\n",
       "        except pamela.PAMError as e:\n",
       "            if handler is not None:\n",
       "                self.log.warning(\"PAM Authentication failed (%s@%s): %s\", username, handler.request.remote_ip, e)\n",
       "            else:\n",
       "                self.log.warning(\"PAM Authentication failed: %s\", e)\n",
       "        else:\n",
       "            return username\n",
       "\u001b[0;31mFile:\u001b[0m      ~/dev/jpy/jupyterhub/jupyterhub/auth.py\n",
       "\u001b[0;31mType:\u001b[0m      function\n"
      ]
     },
     "metadata": {},
     "output_type": "display_data"
    }
   ],
   "source": [
    "PAMAuthenticator.authenticate??"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "Here's a super advanced Authenticator that does very secure password verification:"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 4,
   "metadata": {},
   "outputs": [],
   "source": [
    "class SuperSecureAuthenticator(Authenticator):\n",
    "    def authenticate(self, handler, data):\n",
    "        username = data['username']\n",
    "        # check password:\n",
    "        if data['username'] == data['password']:\n",
    "            return username"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Exercise:\n",
    "\n",
    "Write a custom username+password Authenticator where:\n",
    "\n",
    "1. passwords are loaded from a dict\n",
    "2. hashed+salted passwords are stored somewhere, but not cleartext passwords"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 5,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "'sha512:16384:98400e241da5a64d:6e2c468dea2e6ec6f185936f6ac1a96e6046c4cdf6c0156aecb03fcd2e9963c5058cbc7cf9d7792ed9edc5bc1703f6e14274b7ba5804781499e49bb077aacccb'"
      ]
     },
     "execution_count": 5,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "# possibly useful:\n",
    "\n",
    "from jupyterhub.utils import hash_token, compare_token\n",
    "hash_token('mypassword')"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 6,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "True"
      ]
     },
     "execution_count": 6,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "compare_token(_, 'mypassword')"
   ]
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.5.2"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 1
}
